Re: How to get your first key signed

2015-10-01 Thread Anthony Papillion
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 10/1/2015 11:51 PM, Guan Xin wrote: > On Thu, Oct 1, 2015 at 7:05 PM, Robert J. Hansen wrote: >> So sure, yes, without identity verification it's hard to have confidence >> in someone's legal identity, absolutely. But even with identity >> ver

Re: How to get your first key signed

2015-10-01 Thread Guan Xin
On Thu, Oct 1, 2015 at 7:05 PM, Robert J. Hansen wrote: > > Some years ago a user on PGP-Basics was irate over how I refused to sign > my messages. My argument was basically the one you were using: that > nobody on the list had verified my identity and that made my signatures > of marginal use.

Re: AW: Separate Session Key and Encrypted Data

2015-10-01 Thread Daniel Kahn Gillmor
On Thu 2015-10-01 07:52:51 -0700, Christian Loehle wrote: > That's what I would do if I had no other choice. The real downside is > that it doesn't follow a standard(like openpgp) and I will have to write > more code on the client side, compared to a standard openpgp solution. > It just seems like

Re: Facebook and OpenPGP

2015-10-01 Thread Christian Heinrich
Jon, On Fri, Oct 2, 2015 at 1:56 AM, Jon Millican wrote: > On 26 September 2015 at 03:24, Christian Heinrich > wrote: > Keys can be fetched from someone's profile "public_key" field, e.g. you > could fetch my public key with the query: > > /1617090031?fields=public_key How will this be integr

Re: How to get your first key signed

2015-10-01 Thread Christopher Beck
On 09/30/15 19:17, David Niklas wrote: > Hello, > I create for myself a gpg key and want to get it signed, however I've > sent out half a dozen requests and so far I've gotten only negative > responses to the effect that I must know so-and-so and we must meet in > person (considering that the person

Re: Facebook and OpenPGP

2015-10-01 Thread Kristian Fiskerstrand
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 10/01/2015 10:28 PM, Melvin Carvalho wrote: > > ... > > Reference: > https://developers.facebook.com/docs/graph-api/reference/user > > > Quick question: I just uploaded my key and the dropdown said > "public" ... does this mean I can get a

Re: How to get your first key signed

2015-10-01 Thread Robert J. Hansen
> Names are tremendously fluid instruments. Charles Martel, the hero of > France, didn't actually have a last name... Oh, man -- I completely forgot the great one from modernity. You can be elected President under a pseudonym. Not only that: *it's already happened*. President Ulysses Simpson G

Re: Facebook and OpenPGP

2015-10-01 Thread Melvin Carvalho
On 1 October 2015 at 22:30, Kristian Fiskerstrand < kristian.fiskerstr...@sumptuouscapital.com> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 10/01/2015 10:28 PM, Melvin Carvalho wrote: > > > > > > ... > > > > > Reference: > > https://developers.facebook.com/docs/graph-api/refe

Re: Facebook and OpenPGP

2015-10-01 Thread Kristian Fiskerstrand
On 10/01/2015 10:35 PM, Melvin Carvalho wrote: > >> Quick question: I just uploaded my key and the dropdown said >> "public" ... does this mean I can get at it without an access >> token? That would be super cool! > > > > I was actually looking into the same thing myself by trying > somet

Re: Facebook and OpenPGP

2015-10-01 Thread Melvin Carvalho
On 1 October 2015 at 17:56, Jon Millican wrote: > On 26 September 2015 at 03:24, Christian Heinrich < > christian.heinr...@cmlh.id.au> wrote: > > > > So as far as I am aware there is no integration with the Facebook > > GraphAPI yet :( > > Hi, I'm Jon - I work on OpenPGP support at Facebook. I th

Re: How to get your first key signed

2015-10-01 Thread Robert J. Hansen
> Doesn't all decent e-mail clients automagically check if a signature is > legit and matches the known public key? Probably not "all", but a lot, yes. The problem comes from you can't force a user to pay attention to a warning. Some years ago a friend of mine, Peter Likarish, invented a browser

Re: How to get your first key signed

2015-10-01 Thread Robert J. Hansen
(This came just to me, not to the mailing list. I'm assuming Bob intended to reply-all and just hit the wrong button. If I'm in error, Bob, please forgive me.) > What would be no use, and possibly harmful, would be to sign that > certificate just because you had seen it a couple of times - unle

Re: Facebook and OpenPGP

2015-10-01 Thread jonas hedman
On 15-10-01 19:14:49, Melvin Carvalho wrote: > On 1 October 2015 at 17:56, Jon Millican wrote: > > > On 26 September 2015 at 03:24, Christian Heinrich < > > christian.heinr...@cmlh.id.au> wrote: > > > > > > So as far as I am aware there is no integration with the Facebook > > > GraphAPI yet :( >

Re: How to get your first key signed

2015-10-01 Thread jonas hedman
On 15-10-01 13:05:28, Robert J. Hansen wrote: > > Whilst that is partially useful, surely it only vouches for the fact > > that the postings came from the same person and not who that person is - > > and as such is of very limited use. > > Yes. No. Somewhere in between. > > Some years ago a use

Separate Session Key and Encrypted Data

2015-10-01 Thread Christian Loehle
I want to use gpg to encrypt a potentially large file to some (cloud-like) storage provider, the recipients are not known at the time of uploading. What I want to do is to send the encrypted session key of the file to a recipient, when I 'add' them, without reuploading or even touching the original

Re: Facebook and OpenPGP

2015-10-01 Thread Melvin Carvalho
On 1 October 2015 at 17:56, Jon Millican wrote: > On 26 September 2015 at 03:24, Christian Heinrich < > christian.heinr...@cmlh.id.au> wrote: > > > > So as far as I am aware there is no integration with the Facebook > > GraphAPI yet :( > > Hi, I'm Jon - I work on OpenPGP support at Facebook. I th

Re: Separate Session Key and Encrypted Data

2015-10-01 Thread Daniel Koszta
You can use the --show-session-key and --override-session-key options for gpg.
$ gpg --encrypt <<< "Test Message" > msg
$ gpg --decrypt --show-session-key msg
$ gpg --decrypt --override-session-key 'the_session_key_gpg_gave_you'
Note that you do not need your private key for the last operation. H

Re: How to get your first key signed

2015-10-01 Thread Robert J. Hansen
> Whilst that is partially useful, surely it only vouches for the fact > that the postings came from the same person and not who that person is - > and as such is of very limited use. Yes. No. Somewhere in between. Some years ago a user on PGP-Basics was irate over how I refused to sign my mess

Re: Facebook and OpenPGP

2015-10-01 Thread Jon Millican
On 26 September 2015 at 03:24, Christian Heinrich <christian.heinr...@cmlh.id.au> wrote: > > So as far as I am aware there is no integration with the Facebook > GraphAPI yet :( Hi, I'm Jon - I work on OpenPGP support at Facebook. I thought you might be interested to hear that we now suppo

Re: Separate Session Key and Encrypted Data

2015-10-01 Thread Anthony Papillion
I On October 1, 2015 9:38:13 AM CDT, Christian Loehle wrote: >I want to use gpg to encrypt a potentially large file to some >(cloud-like) storage provider, the recipients are not known at the time >of uploading. >What I want to do is to send the encrypted session key of the file to a >recipient

Re: Separate Session Key and Encrypted Data

2015-10-01 Thread Koszta Dániel
You can use the --show-session-key and --override-session-key options for gpg.
$ gpg --encrypt <<< "Test Message" > msg
$ gpg --decrypt --show-session-key msg
$ gpg --decrypt --override-session-key 'the_session_key_gpg_gave_you'
Note that you do not need your private key for the last operation. H

Re: GnuPG User ID expiry

2015-10-01 Thread Werner Koch
On Wed, 30 Sep 2015 05:37, d...@fifthhorseman.net said: > In the subprompt GnuPG provides, use "1" (or "2", etc) to select which > user ID you want. then use "expire" to change the expiration for that Well, you can do that but gpg ignores it. The expiration date is taken from the primary user i

Re: How to get your first key signed

2015-10-01 Thread Andrew Gallagher
On 01/10/15 15:18, Mark H. Wood wrote: > > To put my point more plainly: signatures on products and signatures > on keys mean different things, and to gain trust for them works in > different ways. Another case where common PGP terminology is confusing. You don't really "sign a key", you certify

Re: How to get your first key signed

2015-10-01 Thread Mark H. Wood
On Thu, Oct 01, 2015 at 09:33:59AM +0100, Bob Henson wrote: > On 30/09/2015 8:58 pm, Robert J. Hansen wrote: > >> I create for myself a gpg key and want to get it signed > > > > More important than whether your certificate gets signed is who signs > > the certificate, who they are connected to, an

Re: AW: Separate Session Key and Encrypted Data

2015-10-01 Thread Christian Loehle
That's what I would do if I had no other choice. The real downside is that it doesn't follow a standard(like openpgp) and I will have to write more code on the client side, compared to a standard openpgp solution. It just seems like there is no reason why separating the session key and the data wo

Separate Session Key and Encrypted Data

2015-10-01 Thread Christian Loehle
I want to use gpg to encrypt a potentially large file to some (cloud-like) storage provider, the recipients are not known at the time of uploading. What I want to do is to send the encrypted session key of the file to a recipient, when I 'add' them, without re-uploading or even touching the origina

Re: Non-interactive PIN not accepted, gpg hangs

2015-10-01 Thread Laurent Blume
Le 2015/10/01 13:07 +0200, Niibe Yutaka a écrit: > I think that Nitrokey series would be a right solution, both for > hardware-wise and their perspective. So far, looks good, so I'm hopeful :) > As Peter suggested, I feel that your use case is not directly related > to OpenPGP. It seems that you

Re: How to get your first key signed

2015-10-01 Thread Peter Lebbing
On 01/10/15 13:08, Bob Henson wrote: > If the program has been altered the signature will fail, will it not? Well, first of all, a checksum is not a cryptographic hash. It has different properties: a checksum usually has no collision resistance. Which is why the designers of WEP should have never

Re: How to get your first key signed

2015-10-01 Thread Andrew Gallagher
On 01/10/15 11:35, Peter Lebbing wrote: > > Well, it doesn't help me at all to know that the developer of said > software indeed has "David Niklas" on his passport. That gives me no > more confidence in the integrity of the software than if he had a > different name. All I need to know is that tha

Re: How to get your first key signed

2015-10-01 Thread Bob Henson
On 01/10/2015 11:35 am, Peter Lebbing wrote: > On 01/10/15 10:33, Bob Henson wrote: >> There might be a possible exception where there is no individual >> person to meet - the verification signature with software, say. When >> you have downloaded the software from the same, known website for >> som

Re: Non-interactive PIN not accepted, gpg hangs

2015-10-01 Thread NIIBE Yutaka
Hello, While the discussion proceeds, I can't determine which post I should reply. Well, I think I reply to this post. On 09/30/2015 10:37 PM, Laurent Blume wrote: > The thing is, I asked around (on some other lists), and had a look at > HSM's, we even have a hundred thousands € worth of HSM, us

Re: How to get your first key signed

2015-10-01 Thread Peter Lebbing
On 01/10/15 10:33, Bob Henson wrote: > There might be a possible exception where there is no individual > person to meet - the verification signature with software, say. When > you have downloaded the software from the same, known website for > some time it might be reasonable to sign the verificat

Re: How to get your first key signed

2015-10-01 Thread Bob Henson
On 30/09/2015 8:58 pm, Robert J. Hansen wrote: >> I create for myself a gpg key and want to get it signed > > More important than whether your certificate gets signed is who signs > the certificate, who they are connected to, and so on. > > Some people will sign almost anything. People who get a

Re: Local PAM authentication with OpenPGP Card (was Re: PAM authentication with gpg or ssh key)

2015-10-01 Thread Peter Lebbing
On 01/10/15 08:06, NIIBE Yutaka wrote: > Although I have a bit of experience with Poldi, frankly speaking, I > don't quite understand the need for local login authentication with > OpenPGPcard. For me, if I do some access control for my own PC, it > would be better to consider removing keyboard fr